Sunday, December 29, 2013

Network Protocol Levels

You should be aware of the fact, that when talking about networking you will hear the word "protocol" all the
time. This is because protocols are sets of standards that define all operations within a network. They define how various operations are to be performed. They may even define how devices outside the network can interact with the network. Protocols define everything from basic networking data structures, to higher level application programs. They define various services and utility programs. Protocols operate at many layers of the network models described below. There are protocols considered to be transport protocols such as TCP and UDP. Other protocols work at the network layer of the OSI network model shown below, and some protocols work at several of the network layers.

RFCs

Protocols are outlined in Request for Comments (RFCs). At the end of this document is a list of protocols and associated RFC numbers.Protocols. Although RFCs define protocols not all RFCs define protocols but may define other requirements for the internet such as RFC 1543 which provides information about the preparation of RFCs. The following RFCs are very central to the TCP/IP protocol.

  • RFC 1122 - Defines host requirements of the TCP/IP suite of protocols covering the link, network (IP), and transport (TCP, UDP) layers.
  • RFC 1123 - The companion RFC to 1122 covering requirements for internet hosts at the application layer
  • RFC 1812 - Defines requirements for internet gateways which are IPv4 routers

Network Models

There are several network models which you may hear about but the one you will hear about most is the ISO network model described below. You should realize, however that there are others such as
  • The internet layered protocol
  • The TCP/IP 4 layered protocol
  • The Microsoft networking protocol
If you don't like any of these models, feel free to invent your own along with your own networking scheme of
course, and add it to the list above. You can call it "The MyName Protocol". Ever wonder why networking can be so complex and confusing? Welcome to the world of free enterprise!

The ISO Network Model Standard

The International Standards Organization (ISO) has defined a standard called the Open Systems Interconnection (OSI) reference model. This is a seven layer architecture listed below. Each layer is considered to be responsible for a different part of the communications. This concept was developed to accommodate changes in technology. The layers are arranged here from the lower levels starting with the physical (hardware) to the higher levels.

1. Physical Layer - The actual hardware.
2. Data Link Layer - Data transfer method (802x ethernet). Puts data in frames and ensures error free
transmission. Also controls the timing of the network transmission. Adds frame type, address, and error
control information. IEEE divided this layer into the two following sublayers.
  •  Logical Link control (LLC) - Maintains the Link between two computers by establishing Service Access Points (SAPs) which are a series of interface points. IEEE 802.2.
  • Media Access Control (MAC) - Used to coordinate the sending of data between computers. The 802.3, 4, 5, and 12 standards apply to this layer. If you hear someone talking about the MAC address of a network card, they are referring to the hardware address of the card.
3. Network Layer - IP network protocol. Routes messages using the best path available.
4. Transport Layer - TCP, UDP. Ensures properly sequenced and error free transmission.
5. Session Layer - The user's interface to the network. Determines when the session is begun or opened, how long it is used, and when it is closed. Controls the transmission of data during the session. Supports security and name lookup enabling computers to locate each other.
6. Presentation Layer - ASCII or EBCDEC data syntax. Makes the type of data transparent to the layers
around it. Used to translate date to computer specific format such as byte ordering. It may include compression. It prepares the data, either for the network or the application depending on the direction it is
going.
7. Application Layer - Provides services software applications need. Provides the ability for user applications to interact with the network.
 
Many protocol stacks overlap the borders of the seven layer model by operating at multiple layers of the model. File Transport Protocol (FTP) and telnet both work at the application, presentation, and the session layers.

The Internet, TCP/IP, DOD Model

This model is sometimes called the DOD model since it was designed for the department of defense It is also
called the TCP/IP four layer protocol, or the internet protocol. It has the following layers:

1. Link - Device driver and interface card which maps to the data link and physical layer of the OSI model.
2. Network - Corresponds to the network layer of the OSI model and includes the IP, ICMP, and IGMP
protocols.
3. Transport - Corresponds to the transport layer and includes the TCP and UDP protocols.
4. Application - Corresponds to the OSI Session, Presentation and Application layers and includes FTP,
Telnet, ping, Rlogin, rsh, TFTP, SMTP, SNMP, DNS, your program, etc.

Please note the four layer TCP/IP protocol. Each layer has a set of data that it generates.

1. The Link layer corresponds to the hardware, including the device driver and interface card. The link layer
has data packets associated with it depending on the type of network being used such as ARCnet, Token
ring or ethernet. In our case, we will be talking about ethernet.

2. The network layer manages the movement of packets around the network and includes IP, ICMP, and
IGMP. It is responsible for making sure that packages reach their destinations, and if they don't, reporting
errors.

3. The transport layer is the mechanism used for two computers to exchange data with regards to software.
The two types of protocols that are the transport mechanisms are TCP and UDP. There are also other typesof protocols for systems other than TCP/IP but we will talk about TCP and UDP in this document.

4. The application layer refers to networking protocols that are used to support various services such as FTP, Telnet, BOOTP, etc. Note here to avoid confusion, that the application layer is generally referring to
protocols such as FTP, telnet, ping, and other programs designed for specific purposes which are governed
by a specific set of protocols defined with RFC's (request for comments). However a program that you
may write can define its own data structure to send between your client and server program so long as the
program you run on both the client and server machine understand your protocol. For example when your
program opens a socket to another machine, it is using TCP protocol, but the data you send depends on
how you structure it.

Data Encapsulation, a Critical concept to be understood

When starting with protocols that work at the upper layers of the network models, each set of data is wrapped inside the next lower layer protocol, similar to wrapping letters inside an envelope. The application creates the data, then the transport layer wraps that data inside its format, then the network layer wraps the data, and finally the link (ethernet) layer encapsulates the data and transmits it.
To continue, you should understand the definition of a client and server with regards to networking. If you are a server, you will provide services to a client, in much the same way as a private investigator would provide services to their clients. A client will contact the server, and ask for service, which the server will t are many clients, a server must be constantly ready to receive client requests, even though it may already be working with other clients. Usually the client program will operate on one computer, while the server program will operate on another computer, although programs can be written to be both a client and a server.

Lets say you write a client chat program and a server chat program to be used by two people to send messages between their machines. You run the server program on machine B, and the client program on machine A. Tom is on machine A and George is on machine B. George's machine is always ready to be contacted, but cannot initiate a contact. Therefore if George wants to talk to Tom, he cannot, until Tom contacts him. Tom, of course can initiate contact at any time. Now you decide to solve the problem and merge the functionality of the two programs into one, so both parties may contact the other. This program is now a client/server program which operates both as a client and a server. You write your code so when one side initiates contact, he will get a dialog box, and a dialog box will pop up on the other side. At the time contact is initiated, a socket is opened between the two machines and a virtual connection is established. The program will let the user (Tom) type text into the dialog window, and hit send. When the user hits send, roughly the following will happen.

1. Your program will pass Tom's typed text in a buffer, to the socket. This happens on machine A.
2. The underlying software (Code in a library called by a function your program used to send the data) supporting the socket puts the data inside a TCP data packet. This means that a TCP header will be          added to the data. This header contains a source and destination port number along with some other information
and a checksum. Deamon programs (Daemon definition at the bottom of this page) may also work at this
level to sort packages based on port number (hence the TCP wrapper program in UNIX and Linux).
3. The TCP packet will be placed inside an IP data packet with a source and destination IP address along  with some other data for network management. This may be done by a combination of your library  function, the operating system and supporting programs.
4. The IP data packet is placed inside an ethernet data packet. This data packet includes the destination and source address of the network interface cards (NIC) on the two computers. The address here is the   hardware address of the respective cards and is called the MAC address.
5. The ethernet packet is transmitted over the network line.
6. Assuming there is a direct connection between the two computers, the network interface card on machine
B, will recognize its MAC address and grab the data.
7. The IP data packet will be extracted from the ethernet data packet. A combination of deamons and the
operating system will perform this operation.
8. The TCP data packet will be extracted from the IP data packet. A combination of deamons, the operating
system, and libraries called by your program will perform this function.
9. The data will be extracted from the TCP packet. Your program will then display the retrieved data (text) in the text display window for George to read.

Be aware that for the sake of simplicity, we are excluding details such as error management, routing, and
identifying the hardware address of the NIC on the computer intended to receive the data. Also we are not
mentioning the possible rejection of service based on a packet's port number or sender's IP address.

A deamon program is a program that runs in the background on a computer operating system. It is used to
perform various tasks including server functions. It is usually started when the operating system is booted, but a user or administrator may be able to start or stop a daemon at any time.

Friday, December 27, 2013

TCP/IP Ports and Addresses

Each machine in the network shown below, has one or more network cards. The part of the network that does the job of transporting and managing the data across the network is called TCP/IP which stands for Transmission Control Protocol (TCP) and Internet Protocol (IP). There are other alternative mechanisms for managing network traffic, but most, such as IPX/SPX for Netware, will not be described here in much detail. The IP layer requires a 4 (IPv4) or 6 (IPv6) byte address to be assigned to each network interface card on each computer. This can be done automatically using network software such as dynamic host configuration protocol (DHCP) or by manually entering static addresses into the computer.

Ports

The TCP layer requires what is called a port number to be assigned to each message. This way it can determine the type of service being provided. Please be aware here, that when we are talking about "ports" we are not talking about ports that are used for serial and parallel devices, or ports used for computer hardware control. These ports are merely reference numbers used to define a service. For instance, port 23 is used for telnet services, and HTTP uses port 80 for providing web browsing service. There is a group called the IANA (Internet Assigned Numbers Authority) that controls the assigning of ports for specific services. There are some ports that are assigned, some reserved and many unassigned which may be utilized by application programs. Port numbers are straight unsigned integer values which range up to a value of 65535.

Addresses

Addresses are used to locate computers. It works almost like a house address. There is a numbering system to help the mailman locate the proper house to deliver customer's mail to. Without an IP numbering system, it would not be possible to determine where network data packets should go.

IPv4, which means internet protocol version 4, is described here. Each IP address is denoted by what is called dotted decimal notation. This means there are four numbers, each separated by a dot. Each number represents a one byte value with a possible mathematical range of 0-255. Briefly, the first one or two bytes, depending on the class of network, generally will indicate the number of the network, the third byte indicates the number of the subnet, and the fourth number indicates the host number. This numbering scheme will vary depending on the network and the numbering method used such as Classless Inter-Domain Routing (CIDR) which is described later. The host number cannot be 0 or 255. None of the numbers can be 255 and the first number cannot be 0. This is because broadcasting is done with all bits set in some bytes. Broadcasting is a form of communication that all hosts on a network can read, and is normally used for performing various network queries. An address of all 0's is not used, because when a machine is booted that does not have a hardware address assigned, it provides 0.0.0.0 as its address until it receives its assignment. This would occur for machines that are remote booted or those that boot using the dynamic host configuration protocol (DHCP). The part of the IP address that defines the network is referred to as the network ID, and the latter part of the IP address that defines the host address is referred to as the host ID. IPv6 is an enhancement to the IPv4 standard due to the shortage of internet addresses. The dotted notation values are increased to 12 bit values rather than byte (8 bit) values. This increases the effective range of each possible decimal value to 4095. Of course the values of 0 and 4095 (all bits set) are generally reserved the same as with the IPv4
standard.

Network Hardware Connections

Ethernet uses star topology for the physical wiring layout. A diagram of a typical ethernet network layout is
shown below.

On a network, a hub is basically a repeater which is used to re-time and amplify the network signals. In this
diagram, please examine the hubs closely. On the left are 4 ports close to each other with an x above or below them. This means that these ports are crossover ports. This crossover is similar to the arrangement that was used for serial cables between two computers. Each serial port has a transmitter and receiver. Unless there was a null modem connection between two serial ports, or the cable was wired to cross transmit to receive and vice versa, the connection would not work. This is because the transmit port would be sending to the transmit port on the other side.

Therefore note that you cannot connect two computers together with a straight network jumper cable between their network cards. You must use a special crossover cable that you can buy at most computer stores and some office supply stores for around 10 dollars. Otherwise, you must use a hub as shown here.

The hub on the upper left is full, but it has an uplink port on the right which lets it connect to another hub. The
uplink does not have a crossover connection and is designed to fit into a crossover connection on the next hub. This way you can keep linking hubs to put computers on a network. Because each hub introduces some delay onto the network signals, there is a limit to the number of hubs you can sequentially link. Also the computers that are connected to the two hubs are on the same network and can talk to each other. All network traffic including all broadcasts is passed through the hubs.

In the diagram, machine G has two network cards, eth0 and eth1. The cards eth1 and eth0 are on two different networks or subnetworks. Unless machine G is programmed as a router or bridge, traffic will not pass between the two networks. This means that machines X and Z cannot talk to machines A through F and vice versa. Machine X can talk to Z and G, and machines A though F can talk to each other and they can talk to machine G. All machines can talk to machine G. Therefore the machines are dependent on machine G to talk between the two networks or subnets.

Each network card, called a network interface card (NIC) has a built in hardware address programmed by its manufacturer. This is a 48 bit address and should be unique for each card. This address is called a media access control (MAC) address. The media, in our specific case will be the ethernet. Therefore when you refer to ethernet, you are referring to the type of network card, the cabling, the hubs, and the data packets beingsent. You are talking about the hardware that makes it work, along with the data that is physically sent on the wires.

There are three types of networks that are commonly heard about. They are ethernet, token-ring, and ARCnet. Each one is described briefly here, although this document is mainly about ethernet.

Ethernet:

The network interface cards share a common cable. This cable structure does not need to form a structure, but must be essentially common to all cards on the network. Before a card transmits, it listens for a break in traffic. The cards have collision detection, and if the card detects a collision while trying to transmit, it will retry after some random time interval.

Token Ring:

Token ring networks form a complete electrical loop, or ring. Around the ring are computers, called stations. The cards, using their built in serial numbers, negotiate to determine what card will be the master interface card. This card will create what is called a token, that will allow other cards to send data. Essentially, when a card with data to send, receives a token, it sends its data to the next station up the ring to be relayed. The master interface will then create a new token and the process begins again.

ARCnet:

ARCnet networks designate a master card. The master card keeps a table of active cards, polling each one
sequentially with transmit permission.

Tuesday, December 24, 2013

Network Topology

A network consists of multiple computers connected using some type of interface, each having one or more
interface devices such as a Network Interface Card (NIC) and/or a serial device for PPP networking. Each
computer is supported by network software that provides the server or client functionality. The hardware used to transmit data across the network is called the media. It may include copper cable, fiber optic, or wireless transmission. The standard cabling used for the purposes of this document is 10Base-T category 5 ethernet cable. This is twisted copper cabling which appears at the surface to look similar to TV coaxial cable. It is terminated on each end by a connector that looks much like a phone connector. Its maximum segment length is 100 meters.

Network Categories

There are two main types of network categories which are:
1. Server based
2. Peer-to-peer

In a server based network, there are computers set up to be primary providers of services such as file service or mail service. The computers providing the service are are called servers and the computers that request and use the service are called client computers. In a peer-to-peer network, various computers on the network can act both as clients and servers. For instance, many Microsoft Windows based computers will allow file and print sharing. These computers can act both as a client and a server and are also referred to as peers. Many networks are combination peer-to-peer and server based networks. The network operating system uses a network data protocol to communicate on the network to other computers. The network operating system supports the applications on that computer. A Network Operating System (NOS) includes Windows NT, Novell Netware, Linux, Unix and others.

Three Network Topologies The network topology describes the method used to do the physical wiring of the network. The main ones are bus, star, and ring.


1. Bus - Both ends of the network must be terminated with a terminator. A barrel connector can be used to       extend it.
2. Star - All devices revolve around a central hub, which is what controls the network communications, and
    can communicate with other hubs. Range limits are about 100 meters from the hub.
3. Ring - Devices are connected from one to another, as in a ring. A data token is used to grant permission       for each computer to communicate.

There are also hybrid networks including a star-bus hybrid, star-ring network, and mesh networks with
connections between various computers on the network. Mesh networks ideally allow each computer to have a direct connection to each of the other computers. The topology this documentation deals with most is star topology since that is what ethernet networks use.